United States Nuclear Regulatory Commission
NUREG/BR 0272
Volume 3, Issue 1
June 2002

OIG FRAUD BULLETIN

Inside this issue:
• Introduction Regarding IT
• Authorized Uses of IT Equipment
• Privacy Expectations
• Prohibited Use of IT Equipment
• OIG Cases
• ATM Scam

Special points of interest:
• OIG cases involving pornographic sites
• News Articles on other agencies' views of these sites
• Proper Use of NRC IT Equipment
• New ATM Scam you should know about

Use of Information Technology

Did you ever imagine you could walk around a shopping mall and talk on the telephone at the same time? Did you think it would be possible to have a little box attached to your belt that would inform you when someone was trying to call you? Did it ever occur to you that one day you would not have to use five carbons to type a memorandum and not have to rely on your memory for correct spelling? How about using a laptop on an airplane? Remarkable!

Information Technology has rapidly advanced over the last decade and has unlocked new frontiers for education, research, and sharing certain technologies with people all over the world. The Internet is an extremely useful tool that when used properly can make an employee’s job much easier.

As beneficial as the appropriate use of the Internet can be, the repercussions for misuse of the Internet by a government employee can be very costly. Certain sites on the Internet can be dangerous and illegal places to visit. Too much personal use can slow down information transfer from the network to other computers. Employee productivity may also be affected by excess personal use of the Internet.

Use of the Internet is a privilege...not a right. Misuse of government Information Technology is a misconduct issue and employees could be the subject of disciplinary action. Accessing sites of a pornographic nature is an example of this type of misconduct.

Be mindful of what appears on the screen of your computer.

Statutes, regulations, NRC Management Directives and policy all provide guidance on the proper and improper use of government equipment. This edition of the OIG Fraud Bulletin is intended to summarize and clarify guidance on the use of Information Technology equipment in the workplace and assist you in the proper use of the Internet and all related government equipment.

Authorized Uses of Information Technology Equipment for Personal Use

Management Directive 2.7

According to Management Directive 2.7, the “NRC is extending the opportunity to its employees to use government property for personal use in an effort to create a more supportive work environment. In this sense, the policy grants a privilege, not a right, to use agency Information Technology for certain non-government purposes.”

Use of any NRC Information Technology for personal use is acceptable provided such use involves 1) minimal expense to the government, 2) is performed before or after work or during a lunch period, 3) does not interfere with NRC’s mission, 4) does not violate the Standards of Ethical Conduct for Employees of the Executive Branch, and 5) is not prohibited by law.

Equipment use includes personal computers, printers, software, telephones, pagers, facsimile machines, photocopiers, E-mail and the Internet.

Minimal additional expense. An NRC telephone may be used for personal use to call a day care provider, doctor, spouse, dentist, elderly care or other place or person that may not be available after normal work hours. The telephone numbers that are dialed should be within the local calling area and the calls should be of short duration and frequency. Other examples of activities involving the use of government equipment that incur only minimal additional expense include making a few photocopies, using a computer printer to print out a few pages of material, infrequently sending personal E-mail messages or other limited use of the Internet for personal reasons. In addition, short facsimile transmittals within the local calling area are also acceptable.

Use of this equipment should incur only small amounts of electricity, ink, toner, or paper. Long distance telephone calls are only allowed if you call collect, use a calling card, dial an 800 number or third party billing to your home telephone. Unauthorized use of NRC telephones is a violation of MD 2.3 ((D)(3)(b)(c)). The use of the agency’s Information Technology for official business has priority over personal use.

During business hours, use of the computer/Internet is perfectly acceptable to access information relevant to official business. Any information that enhances an employee’s performance to more satisfactorily perform his or her job is considered acceptable use.

Employees may also use Information Technology to check their Thrift Savings Plan or other personal investments, to seek employment, to communicate with a volunteer charity organization or to file a Freedom of Information/Privacy Act request.

No Expectation of Privacy

NRC employees do not have a right, nor should they expect a right, to privacy when using any agency Information Technology equipment, including the use of E-mail and the Internet. If employees wish that their private activities remain private they should refrain from using NRC Information Technology for personal business. By using government Information Technology, NRC employees consent to disclosing all information contained in the files or passing through any NRC equipment.

Prohibited Use of Government Equipment

Computer Banner

Each time an NRC employee logs onto a government computer, a banner is displayed notifying the user that the computer system is subject to monitoring for maintenance, system integrity, security and for other official purposes. It states in part:

“You should not expect privacy nor protection of privileged communication with your personal attorney regarding information you create, send, receive, use or store on this system. If monitoring reveals possible evidence of criminal statutes, this evidence and any related information including your identification may be provided to law enforcement officials, including the Office of the Inspector General. Anyone who violates the regulations is subject to criminal prosecution and/or disciplinary action.”

Statutes & Regulations Restricting IT Use

Management Directive 2.7, Inappropriate Personal Uses (D) further elaborates on the proper and improper use of Information Technology with respect to computers, pagers and telephones. One thing that must be clear about using Information Technology (including the Internet) is that it must never be used:

• to view or download any type of pornographic material
• to view or download hate sites about race, religion, disabilities, sexual orientation, national origin
• for illegal gambling and weapons
• in support of “for-profit” activities, i.e., consulting for pay or for sale of goods or services
• in support of a personal/private business
• to gain unauthorized access to other computer systems
• to create, copy, transmit or retransmit chain letters or other unauthorized mass mailings
• to engage in prohibited political activity
• to engage in terrorist activities
• to engage in fund raising activities (except as provided in 5 CFR 950.102)
• to endorse any product or service
• to participate in any lobbying activity or engage in any prohibited political activity
• to post agency information to external newsgroups, bulletin boards or other public forums without authority
• to transmit any type of classified material through the Internet or the NRC servers
• to make personal use of long distance telephone calls or long distance facsimile service, use of message pagers and cellular phones except as permitted by MD 2.3

Also Prohibited:

• loading personal software onto government computers
• unauthorized acquisition, use, reproduction, transmission, or distribution of any controlled information including computer software or data that includes privacy information, copyright, trademark, or material with other intellectual property rights (beyond fair use), proprietary data, or export-controlled software or data
• any activity which interferes with official duties.

Office of Government Ethics

The Office of Government Ethics states in Basic Obligation of Public Service, 5 CFR §2635.101 “(b)(5) Employees shall put forth honest effort in the performance of their duties… (9) Employees shall protect and conserve Federal property and shall not use it for other than authorized activities.” 5 CFR §2635.704 Use of Government Property (a) Standard. An employee has a duty to protect and conserve Government property and shall not use such property or allow its use for other than authorized purpose. (1) Government Property includes any form of real or personal property in which the Government has an ownership, leasehold, or other property interest as well as any right or other intangible interest that is purchased with Government funds, including the services of contractor personnel. The term includes office supplies, telephone and other telecommunications equipment and services, the Government mails, automated processing capabilities, printing and reproduction facilities, Government records and Government vehicles.

Yellow Announcement

Yellow Announcement No. 077, “The Use of the Internet at the NRC” dated December 5, 2001, states in part,

“‘...NRC employees must exercise common sense, good judgment, and propriety in the use of this valuable resource….

The NRC allows employees to use the Internet for limited personal use when such use involves minimal or no additional expense to the government, is performed on the employees’ non-work time, does not interfere with the NRC’s mission or operation, does not violate the Standards of Ethical Conduct for Employees of the Executive Branch regulations, and is not otherwise prohibited by law.’”

OIG Audit

The Office of the Inspector General performed an audit of Internet usage over an eight day period in June 2001. The results of that audit disclosed that at least 52% and as much as 79% of employee Internet activity was for personal use.

During this audit, a data analysis was performed on computers that had long hours logged into Internet sites. It was determined that in some cases hundreds of hours were logged into pornographic sites. The following examples are brief summaries of OIG cases of inappropriate Internet and government equipment use.

OIG Cases on Misuse of Government Pagers

This OIG investigation determined that over a four month period an NRC manager used an NRC assigned message pager for personal use. The cost to the government was over $1,000.

The employee had previously planned to resign from the NRC. Upon his departure, he reimbursed the government for the expenses incurred.

An NRC contractor employee used his NRC-owned SKYTEL pager assigned to him for personal communications.

The employee made frequent and lengthy personal pages to another continent which resulted in excess charges to the NRC of almost $1,100. The contractor reimbursed the NRC for the expenses incurred.

The employee was terminated from his position as a result of the misuse of the pager.

Keep NRC issued pagers for business purposes only.

OIG Cases on Pornography and Gambling

An Office of the Inspector General investigation revealed that an NRC manager had downloaded pornographic movies and pictures onto his computer.

The manager spent the last 6-12 months viewing and downloading prohibited material from the Internet.

Rather than face administrative action, the manager left the agency.

In several other separate OIG cases, the investigations revealed that several contractor employees downloaded pornographic images and gambling sites onto their computers.

The contractor’s employer has agreed to reimburse the NRC for the 89 hours that their employees were engaged in prohibited personal use of NRC computer equipment.

Those contractor employees are no longer employed by the company.

You may use the Internet for personal reasons before and after work or during your lunch break, as long as the use is not specifically prohibited by Management Directive or law.

Another OIG investigation determined that an NRC employee had viewed and downloaded pornographic material onto his NRC computer totaling over 75 hours. The employee admitted to OIG investigators that he had been doing this for almost a year. The employee also admitted that he often spent most of his duty hours downloading and viewing pornographic material. He would use as many as 10 diskettes to copy the material depending on the size and quantity of the images he downloaded. Some of the diskettes he used were acquired from the NRC Supply store.

This employee left Federal employment rather than face administrative action.

In another case investigated by OIG, an employee admitted using his computer to view and access pornographic sites.

During the timeframe of May 11 to June 8 he spent almost 7 hours downloading and viewing sites of a sexually explicit nature. The employee admitted to OIG that he knew it was against NRC policy to use an NRC computer for this type of activity.

The NRC employee was suspended for 45 days without pay.

There are other cases currently pending where NRC employees have downloaded images from pornographic sites. The agency has not yet made a determination on these cases.

BEWARE: New ATM Scam—An Actual Case

The last person at the ATM just completed what looked like a simple transaction.

The person is actually rigging the slot on the machine so it will capture the card of the next person.

Rigging is very risky business and requires a “lookout” to warn of possible witnesses and/or potential victims.

The next customer comes to the machine after the trap has been set. He inserts his card and attempts a transaction. The card has been captured and the customer is confused as to why this is so. However, help is on the way...or is it?

Now the perpetrator is pretending to offer assistance. What he really is trying to do is obtain the customer’s P.I.N.

He convinces the customer that he will be able to retrieve his card if he entered his P.I.N. while he held down both the “cancel” and “enter” buttons.

After several attempts, the customer is convinced the machine has captured his card. Both the customer and the thief leave the ATM.

Satisfied that the coast is clear, the thief returns to retrieve the card that has been captured by his trap. He not only has the customer’s card, he also has his P.I.N.

Armed with card and P.I.N. he was able to withdraw $1,000 from the account.

A small section in the U.S. News and World Report, dated January 14, 2002, quoted a memo to State Department Employees: New boss Colin Powell is a nice guy, but he won’t excuse those who open porn sites on State Department Internet accounts, join X-rated chat rooms, or send out nasty E-mails. Proof: Probes and punishments are up for those who tap porn sites or send chain letters or jokes of questionable taste.

Keep surfing... the Hotline will soon be on the WEB!

United States Nuclear Regulatory Commission
Office of the Inspector General
Mail Stop T 5D-28
USNRC
Washington, DC 20555
Phone: 301-415-5930
Fax: 301-415-5091
Hotline: 800-233-3497